SQL injection vulnerability allowing login bypass

4 days ago 17

Laxious

SQL Injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It typically occurs when an application fails to properly sanitize user input, allowing malicious SQL code to be executed.

Now let's get into the lab.

So this is our SQL injection lab. In this lab, the vulnerability is present in the login page under My account. Let me show you the login page.

This is our login page. The SQL injection vulnerability is present in the username field of the login page. If you read the instructions, you find out that you have to solve the lab as administrator. So the first hint we get is the username, and we can generate payloads using the username administrator.

So this is the payload that I generated using ChatGPT. You can generate your own payload using ChatGPT.

First I will capture the request, which is a POST request. You can see that the username and password are random. So I sent this request to Intruder.

Now you use Add §, which applies the payload wherever you place the § symbol. You have to apply the § symbol to both the username and the password. Now you go to the payload section.

Now you paste the payload I showed you above, and you start the attack.

Now if you analyse the attack, you realise that most of the responses are shown as 400, which is also known as Bad Request. The only different request you get is this

Now you log in on the login page with this username. You can add a random password, as it doesn't matter, as -- comments out the rest.

Now you have solved the lab.
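Why the password stops mattering, and what the fix looks like, as an added example that is not part of the original article or the lab's own code. The table layout, function names and sample password are assumptions; the username input is administrator followed by a quote and --, matching what the walkthrough describes.

```python
import sqlite3

def make_db():
    # Constructed sample data: one account in an in-memory database.
    # Plaintext password only to keep the demo short; store a password hash in real systems.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('administrator', 'constructed-secret')")
    return db

def build_vulnerable_sql(username, password):
    # Input is pasted into the SQL text, so a quote in it closes the string
    # literal and "--" turns the rest of the statement into a comment.
    return ("SELECT username FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")

def login_vulnerable(db, username, password):
    try:
        return db.execute(build_vulnerable_sql(username, password)).fetchone() is not None
    except sqlite3.Error:
        return False  # input produced malformed SQL (the lab answers these with 400)

def login_parameterized(db, username, password):
    # Placeholders send the input as data; it is never parsed as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

def demo():
    db = make_db()
    crafted = "administrator'--"  # the username shape the walkthrough logs in with
    return {
        "sql_seen_by_db": build_vulnerable_sql(crafted, "anything"),
        "vulnerable_wrong_password": login_vulnerable(db, "administrator", "wrong"),
        "vulnerable_crafted_username": login_vulnerable(db, crafted, "anything"),
        "parameterized_crafted_username": login_parameterized(db, crafted, "anything"),
        "parameterized_real_login": login_parameterized(db, "administrator", "constructed-secret"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The printed sql_seen_by_db line shows the password condition sitting after the --, which is why the vulnerable query matches the administrator row while the parameterized one does not.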
